hxxp://app[.]adjust[.]com/izw3imq?redirect=https%3A%2F%2F2k2asarltg[.]com%2Fwp-includes%2F%2F%2Fjeff%2Fauth%2F%2Fnuevwu%2F%2F%2FTestAccount@gmail[.]com

Analysis

max time kernel
1800s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://app.adjust.com/izw3imq?redirect=https%3A%2F%2F2k2asarltg.com%2Fwp-includes%2F%2F%2Fjeff%2Fauth%2F%2Fnuevwu%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239063366391176"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4544 chrome.exe
4544 chrome.exe
2100 chrome.exe
2100 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4544 wrote to memory of 1460	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1460	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 1084	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 2120	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 2120	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe
PID 4544 wrote to memory of 3980	4544	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://app.adjust.com/izw3imq?redirect=https%3A%2F%2F2k2asarltg.com%2Fwp-includes%2F%2F%2Fjeff%2Fauth%2F%2Fnuevwu%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0009758,0x7ffcb0009768,0x7ffcb0009778
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:2
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:8
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:8
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:1
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:1
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:8
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:8
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4844 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:1
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1828,i,13995468606252068043,7034777526823445392,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:460

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
a698261ee85737d6e45628d92e71bb40

SHA1
5c0900de68d75ae74f63d5adb54b94b4a88027f4

SHA256
bd0b43d4410500643d0e40630018d6ce58ac7eaac1b947c82b7facf819c7c253

SHA512
6787bf86be73b999f408455ce74c754787268b60cc8c05f7adfaa50ede300cde63fb5a18ed0ca059d0772eea384b220696faf351a7344f841977f73f8c3112d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7f6ff77d-aba4-43d7-a630-28cbd5817e4c.tmp
Filesize
2KB

MD5
e778dfc46c19299e56c46e4c6b5471f4

SHA1
09558e68766ef5e9c01fb7596cea151a595bdc1d

SHA256
f7883eaf9d7cb91ea936e54b598bcdae45283c4ccb20aa03f0b085f4e818ef07

SHA512
4bd7ed2a1824fe49b55c1fae91b601be3c4d408809f23709a8b999b78a1f1784a7f9e643b179dd2fb578dc38bdc408e9f935dcb518507ebbb5fdcb58efb1ba46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
27c46e8aa9a8ae9787cb4894a9d1e2e1

SHA1
dc9604a5090ced74a91e7bf3c96cf966ebd65a0b

SHA256
dccb765de992a8ecf2579185ab66ac8dabf23018560921a6b5345f53b60547a1

SHA512
6fc230888911b9a193776e64e2b0d5e543d0322249b73b827e865f217cda4f70677e9280d4f08aa266b3994ef7b3cff5aaf16bc121e7258a0a0f7dcf86fa4042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2975d459b351ca3b2a65192469c78ead

SHA1
27676890603a6f471d63315ec96e11e6f52ce59c

SHA256
3b4e7d0a12c820297131120810047179e8c127620fd10d0d75d99f9769a1672b

SHA512
98244b97b25212e575ec862f3fd5ab368a51559ce13746553d5f865f22313d975acf33f0d7e6dcd77f490b2b5b9e964988bd7e6d3f2e0ccaa78d93e64f2cf13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bf2f822712c360928f7a15fc745c219d

SHA1
3f6fa25162673abdf8f4cbcc7e63e3ab471ed931

SHA256
84e93709c1b9c7d145151cba2bd5be57ff41501fe329dd87b0d86c2efa8d57d1

SHA512
5e0e3d59b56ee34ababcbfc0f303edb8b6cb379acc7126c943c33c752198d97626496ee6283419b8efbb0e72ccc6ce1df8f2452a4f6cc3d2349ba3b7a2d9a8ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
db4bae54a7f3abdfc26048244cfc1b98

SHA1
941f8bd5537dcfdf06a687d1c3a74d404eeb9bc7

SHA256
a88376dbda104582c105df0e718be730712223ab359915dc155ab4d64ea75984

SHA512
989da26c6db3d0a39438d73c72c608ae6b8d48373ce150a73ec688f98ae6035de5ce2acedf9ccbe57061dd39ede477d122e3abe60dc7871e0345397a7d12e725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
3aaf0abf3fd85bdf605b75f7d466c214

SHA1
b01538bc1ac0fbb06676c85291fc8bbf8ed90f33

SHA256
16f176a2459e82b5d3d43c1f0e803c90395d27433ce3631a947c933605969a18

SHA512
acfdd8454b5d12431d1945deb527bbd5c95ab0b538598150496963bb9f3078af5b58ee85229ad4fa8aad800f57f21738127cccd256c0b759c481383316cd2a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4544_UETZZWCELRYHEKKU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit